OAuth Attribute Template Construction

OAuth attribute template configuration allows to modify, create, duplicate and delete OAuth attribute templates.

Description

Description of the configuration object

Name

The name of the attribute figuring in the OAuth token. The key to which a specific value is mapped. If no name is specified, value 'unknown' is used by default.It is strongly recommended to make the attribute name as short as possible in order to prevent unnecessarily large tokens, while keeping the names unique and avoiding registered JWT claims.

Mandatory

Whether or not an OAuth attribute is mandatory. If the attribute is mandatory, the OAuth token issuance fails if the attribute value is unavailable. For introspection endpoint, templates that are specific for a given token type, will not fail the operation if the attribute value is unavailable, even if the attribute is marked as mandatory.

OAuth attribute value template

The identifier of the OAuth Attribute value template to be used with this template. The template provides the instructions on how to source the current value.

Freshness

The freshness of the value.

  • ORIGINAL returns always the value that have been resolved during the original issuance of the token. The values are retrieved from the original token according to the 'name' parameter, hence, this strongly assumes the uniqueness of the name parameter.

  • SERVER_SUBJECT_SOURCED tries to find if SSO session used for creation of corresponding token is still active, and if so, retrieves the value from it. If not, ORIGINAL is used.- FRESH tries to find if SSO session used for creation of corresponding token is still active, and if so, retrieves the value from it. If not, tries to construct the value from corresponding persisted parameters (in UserRepo and AppRepo), and if not possible, ORIGINAL is used.

  • Allowed Values:

    • ORIGINAL

    • SERVER_SUBJECT_SOURCED

    • FRESH